Gravityscan’s First Day Results: In a Word – Wow!
You only realize how incredibly impressive a team is on launch day. The Gravityscan team worked steadily for almost a year, consistently producing releases that added features as Gravityscan grew and became a product. Then, through the QA cycle, the team steadily burned down bugs and made the product rock-solid and ready for launch.
Here Are the Numbers
In the first 24 hours since Gravityscan launched, we processed 26,153 scans.
12,596 unique sites have been added to users’ accounts.
Of those, 6,007 sites had their site ownership verified with Google Analytics, which is by far the fastest and easiest method to verify site ownership. Remember: you need to verify site ownership to see vulnerabilities. We do this to make sure unauthorized users can’t see your site’s vulnerabilities.
We already have our first Pro customers, and many have upgraded multiple sites – in some cases, those upgrades numbered in the double digits – to Gravityscan Pro for faster scans and all the other benefits of Pro.
We have a total of 4,052 registered users now – and climbing.
The Craziness of Launch Day
Yesterday morning starting at 7am Pacific Time, we launched. We let our customers know in groups of about 20,000. Then we upped that to groups of 100,000. Then, finally, groups of 150,000.
Traffic on Gravityscan steadily increased, and everything held together. Until…
When we hit 900 concurrent scans, we started seeing some unexpected behavior. Some of our scan workers had stopped accepting jobs. The team got together and had an emergency meeting. We had an idea about what might be happening, but we didn’t have time to roll out a fix. So we chatted about options.
Our team had the foresight to build resilience in to Gravityscan, even when under extreme load. So what we decided to do was simply kill the scan workers that were no longer accepting jobs and restart them.
We made the call months ago to build Gravityscan for scale and make it incredibly resilient, and the team really delivered. They had designed the application so that if, for some reason, scan workers die, the scan jobs are cancelled and gracefully resubmitted, and our customers receive their results without a hitch.
We started new scan workers and killed the old ones, and everything worked exactly as designed. All affected scan jobs were resubmitted and everything worked perfectly.
And the customer experience? Only if you were paying close attention would you have noticed that your scan progress bar reset to zero and then went ahead and ran the full scan without a hitch. Fortunately, too, this only affected a handful of the large number of customers we had on Gravityscan.com yesterday.
The Benefits of a Trial by Fire
The truth is, we could have spread the launch over days, but we chose not to. Gravityscan is built for scale. We want to be the best vulnerability and malware scan for websites on the Internet. We also want to provide most of the features and benefits of Gravityscan to the online community for free.
That means we must be able to scale rapidly, and we need to be able to do that from launch day. So on launch we made the conscious choice to rapidly accelerate site traffic while closely monitoring performance. This provided us with an opportunity to see exactly how things perform under load and to make Gravityscan even better.
And This Is What We Fixed or Improved in Just 24 Hours
The team has moved incredibly quickly to find the underlying cause of the hiccup we had yesterday and they have gone way beyond that to respond quickly to bug reports.
I’d like to thank all of you, the brand new Gravityscan community, for the bug reports that you submitted via our contact form. The team has been organizing, prioritizing and rapidly fixing the issues you submitted. Your feedback is incredibly helpful and provides us what we need to rapidly improve the product.
Here are some of the fixes we’ve implemented and that are in production since yesterday:
- Fixed the underlying issue that caused scan workers to stop accepting jobs. Everything is super fast and stable now, even at extreme load.
- Removed JustSpam from the blacklists we check when evaluating your site reputation. Their removal process isn’t clear, so they’re out.
- We had a scan signature throwing false positives for malware. We removed it from production.
- We further improved real-time system monitoring so that if we have any load issue in future we are immediately alerted. We also increased the items we are monitoring based on yesterday’s experience.
- Increased hardware available to scan workers to provide even more headroom, over and above the fix implemented.
- Added a third physical server for scanning to further increase capacity.
- Tightened up WordPress version-detection.
- Changed text on certain result types to make it clearer what problem we detected.
- Improved text description for Cloudflare customers to make it clear we know you’re running Cloudflare and to provide suggested config improvements to enhance scan reliability.
- Added detection for the new Joomla vulnerability that emerged today.
- Added detection for the WordPress vulnerabilities that were announced yesterday and fixed in the newest version.
- Added support for usernames with apostrophes.
- Made Google Analytics site verification messages more descriptive and helpful. It is now clear what the error is if you encounter a problem verifying your site with GA.
- We now support some of the newer gTLDs, so if your site uses a mysite.technology or some other long TLD, you will no longer encounter validation errors when adding your site.
- Fixed a formatting error when displaying errors to users.
- Increased our ability to queue jobs in a predictable and stable manner when under high load.
Those are the highlights. We fixed several more minor issues, and the team continues to move at a rapid pace today to add requested functionality to Gravityscan.
Get the Word Out!
We need to let website owners know that there is now a free way to get a thorough malware and vulnerability scan for your website. You no longer need to pay certain enterprise companies thousands of dollars per year for a vulnerability scanner for your website. It’s free!
So I’d like to ask you to use the share buttons below to post Gravityscan to Facebook and Twitter and help us take back the Web from hackers!
Tagged with gravityscan